"""
SQL注射攻击
LAMP ---> Linux + Apache + MySQL + PHP
万能密码：1'or'1'='1
MD5指纹，签名，摘要
万能用户名：原用户名' -- '
"""


from partial__01 import create_connect
username = input('用户名：')
password = input('密码：')

conn = create_connect(database='hrs')
with conn.cursor() as cursor:
    password = password
    cursor.execute(
        f"select user_id from tb_user1 where user_name='{username}'"
        f"and user_pass='{password}'"
    )
    if cursor.fetchone():
        print('登陆成功 ')
    else:
        print('登陆失败')
